MDKSA-2002:048

Problem description

Frank Denis discovered an off-by-one error in mod_ssl dealing with the
handling of older configuration directorives (the rewrite_command
hook). A malicious user could use a specially-crafted .htaccess file
to execute arbitrary commands as the apache user or execute a DoS
against the apache child processes.
This vulnerability is fixed in mod_ssl 2.8.10; patches have been
applied to correct this problem in these packages.